f65f9e42ccb635f45fe31a8b3a757848d57c145dbcd5f930a99ca652e53de07c

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 13:33

Target

c8bc37438f89503365e032ce5d5ece7f.exe
Size

2.9MB
MD5

c8bc37438f89503365e032ce5d5ece7f
SHA1

3dc3886d904fae9f52520877f6487cc3514a2dba
SHA256

f65f9e42ccb635f45fe31a8b3a757848d57c145dbcd5f930a99ca652e53de07c
SHA512

3e7001ecf4619cb90cc6db8baa00bd80ce075e776c5a70344eb060dc0658d6651dd5777781437f0fa3f1d1e4346c439673a2d9130845ba4bceebf85a9c445c61
SSDEEP

49152:VF1vXUvt2elwXMPIv6H2UP4cbSkON74NH5HUyNRcUsCVOzetdZJ:VF1vEvt2e6XwIvq2g4ctO4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4232	c8bc37438f89503365e032ce5d5ece7f.exe

Executes dropped EXE 1 IoCs

pid	Process
4232	c8bc37438f89503365e032ce5d5ece7f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3856-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023290-11.dat	upx
behavioral2/memory/4232-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3856	c8bc37438f89503365e032ce5d5ece7f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3856	c8bc37438f89503365e032ce5d5ece7f.exe
4232	c8bc37438f89503365e032ce5d5ece7f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 4232	3856	c8bc37438f89503365e032ce5d5ece7f.exe	97
PID 3856 wrote to memory of 4232	3856	c8bc37438f89503365e032ce5d5ece7f.exe	97
PID 3856 wrote to memory of 4232	3856	c8bc37438f89503365e032ce5d5ece7f.exe	97

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe

Filesize
1.9MB

MD5
5220e84c5bde6bd2e25df11322929d50

SHA1
40a90333b79b861f1f6b5d5400741f68c9100319

SHA256
96f64a9b981ae04e8a072191271535e2c65f113975f7ddd5492c2759a954b24c

SHA512
40d0321c3ba4f81a2dfcebc18ad75908e226e07b86b34171c03e403d1dfa184cad465f46aaf555a7bc644038daa35dc9c40027f0f8979d10b978d78b4cd9c31a

Download Submit
memory/3856-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3856-1-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/3856-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3856-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4232-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4232-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4232-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4232-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/4232-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4232-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download